(57) ABSTRACT

Methods, systems and computer program products are provided which allow for multi-party authentication by receiving a plurality of biometric authentication messages from a corresponding plurality of users. The biometric authentication messages include biometric data corresponding to the user. It is determined if each of the plurality of received biometric authentication messages is a valid message based on the biometric data contained in the biometric authentication messages so as to determine a quantity of valid biometric authentication messages. An indication of authentication is then provided if the quantity of the valid messages of the received plurality of messages is at least an authentication threshold value.
BIOMETRIC BASED MULTI-PARTY AUTHENTICATION

FIELD OF THE INVENTION

The present invention relates to authentication of users 
and more particularly to multi-party authentication. 

BACKGROUND OF THE INVENTION 

In user authentication, it may be useful to provide access to certain resources or allow certain operations only if multiple users have been authenticated. For example, in software code revision, it may be beneficial to only allow certain revisions, such as publication of a new version, if such revisions are authorized by multiple authenticated users. Similarly, it may be beneficial for certain financial transactions or to maintain privacy to require multiple user authentication before completing the transaction or allowing access to the private information.

Previously, threshold systems have been devised to con- 
trol access to resources, information, or to authorize trans- 
actions or activities only if a specified number of users are 
authenticated. Such systems provide increased security over 
single user authentication or verification systems because an 
attacker would have to impersonate each of the specified 
number of users to break the security system. Alternatively, 
a sharing scheme could be utilized where only a subset of the 
users are required for authentication or verification. 

While such multi-party authentication and sharing schemes are known in the art, the potential still remains for an attacker to overcome the multi-party system by acquiring user identifications for multiple users and then impersonating those users utilizing the acquired user identifications. Thus, further improvements may be needed to increase the security of multi-party systems.

SUMMARY OF THE INVENTION 

In view of the above discussion, it is an object of the 
present invention to provide improved security in multi- 
party authentication/verification systems. 

These and other objects of the present invention may be provided by methods, systems and computer program products for multi-party authentication which receive a plurality of biometric authentication messages from a corresponding plurality of users. The biometric authentication messages include biometric data corresponding to the user. It is determined if each of the plurality of received biometric authentication messages is a valid message based on the biometric data contained in the biometric authentication messages so as to determine a quantity of valid biometric authentication messages. An indication of authentication is then provided if the quantity of the valid messages of the received plurality of messages is at least an authentication threshold value.

By providing multi-party authentication based on biometric information, the present invention provides for the increased difficulty in impersonating an authorized user which may be provided by the use of biometric information.

In a particular aspect of the present invention, the received biometric authentication messages include a user identification and user biometric data. In such a case, the received user biometric data is compared with previously stored biometric data corresponding to the user identification of the received biometric authentication message. The received biometric authentication message is considered a valid message if the comparison indicates that the received user biometric data corresponds to the stored biometric data. The received and stored user biometric data may be a canonical biometric template generated from a plurality of biometric samples. Preferably, the canonical biometric templates are generated by majority decoding the plurality of biometric samples.

In a further embodiment of the present invention, the biometric data is compared by determining a closeness between the received user biometric data and the previously stored biometric data. The received user biometric data corresponds to the previously stored biometric data if the closeness between the received user biometric data and the previously stored biometric data is within a predefined closeness threshold.

The closeness between the received user biometric data and the previously stored biometric data may be determined based on a difference in value between the user biometric data and the previously stored biometric data. Alternatively, the closeness between the received user biometric data and the previously stored biometric data may be determined based on a Hamming distance between the received user biometric data and the previously stored biometric data.
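
The threshold count and the Hamming-distance closeness test described above, as an added Python example that is not part of the patent text. The 16-bit templates, user names, thresholds and the rule that a user identification is counted only once are assumptions made for the illustration.

```python
# Added illustration: k-of-n biometric authentication with a Hamming-distance
# closeness test. Templates, samples and thresholds are constructed values.

TEMPLATE_BITS = 16


def majority_decode(samples, bits=TEMPLATE_BITS):
    """Canonical template: each bit is the majority value over the samples."""
    if len(samples) % 2 == 0:
        raise ValueError("use an odd number of samples so no bit can tie")
    template = 0
    for bit in range(bits):
        ones = sum((sample >> bit) & 1 for sample in samples)
        if 2 * ones > len(samples):
            template |= 1 << bit
    return template


def hamming_distance(a, b):
    """Number of bit positions in which a and b differ."""
    return bin(a ^ b).count("1")


def is_valid_message(message, enrolled, closeness_threshold):
    """A message is a (user identification, biometric sample) pair."""
    user_id, sample = message
    template = enrolled.get(user_id)
    if template is None:                      # unknown user identification
        return False
    return hamming_distance(sample, template) <= closeness_threshold


def authenticate(messages, enrolled, closeness_threshold, k):
    """Indicate authentication once at least k distinct users are valid."""
    valid_users = set()                       # assumption: count each user once
    for message in messages:
        if is_valid_message(message, enrolled, closeness_threshold):
            valid_users.add(message[0])
            if len(valid_users) >= k:
                return True
    return False


# Constructed enrolment data; alice's template is majority decoded from
# three noisy samples, the other two are stored directly.
ENROLLED = {
    "alice": majority_decode(
        [0b1011001011110000, 0b1011001011110100, 0b0011001011110000]
    ),
    "bob": 0b0100110100001111,
    "carol": 0b1110000111000011,
}

# Constructed authentication messages.
MESSAGES = [
    ("alice", ENROLLED["alice"] ^ 0b1),       # 1 bit away from the template
    ("mallory", 0b1111111111111111),          # not enrolled
    ("carol", ENROLLED["carol"] ^ 0b11111),   # 5 bits away
    ("bob", ENROLLED["bob"] ^ 0b11),          # 2 bits away
]

if __name__ == "__main__":
    print(authenticate(MESSAGES, ENROLLED, closeness_threshold=2, k=2))
    print(authenticate(MESSAGES, ENROLLED, closeness_threshold=2, k=3))
```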

Preferably, the user biometric data and the stored biomet- 
ric data comprise at least one of fingerprint, hand geometry, 
iris pattern, facial features, voice characteristics, handwrit- 
ing dynamics, earlobe characteristics and keystroke dynam- 
ics. 

In still another embodiment of the present invention, the received biometric authentication message includes a sample of biometric information from a user and a signed tuple comprising a user identification and a biometric template corresponding to the user. In such a case, the signature of the signed tuple is verified and, if the signature is verified, the received sample of user biometric data is compared with the biometric template of the received tuple. The received biometric authentication message is a valid message if the comparison indicates that the received sample of user biometric data corresponds to the biometric template of the signed tuple.

The comparison of the received sample of user biometric 
data and the biometric template of the signed tuple may be 
a closeness comparison as described above. 

In another embodiment of the present invention, the received biometric authentication message includes an encrypted biometric sample of the user. The received encrypted biometric sample is compared with encrypted biometric templates of valid users. The received biometric authentication message is considered a valid message if the comparison indicates that the received encrypted biometric sample corresponds to an encrypted biometric template of a valid user.

The comparison of the received encrypted biometric sample and the encrypted biometric template may be a determination of closeness between the received encrypted biometric sample and a candidate encrypted biometric template. The encrypted biometric sample corresponds to the candidate encrypted biometric template if the closeness between the received encrypted biometric sample and a candidate encrypted biometric template is within a closeness threshold.

As described above, the closeness between the received encrypted biometric sample and a candidate encrypted biometric template may be determined based on a difference in value between the biometric sample and the biometric template. Similarly, the closeness between the received encrypted biometric sample and a candidate encrypted biometric template may be determined based on a Hamming distance between the biometric sample and the biometric template.

US 6,697,947 B1

In an embodiment where the closeness between the received encrypted biometric sample and a candidate encrypted biometric template is determined based on a difference in value between the biometric sample and the biometric template, the number of bits in the biometric templates ($T$) corresponding to the encrypted biometric templates is denoted by $f$, a publicly known prime number ($p$) larger than $2^f$ is fixed, and a non-secret integer ($g$) between 2 and $p-2$ is selected. In such a case, the biometric templates ($T$) of valid users may be encrypted by determining $z = g^{T} \pmod{p}$ to provide the encrypted biometric templates ($z$) of valid users. Valid closeness indicator values ($x$) may be generated where $x = g^{i} \pmod{p}$ for integers $i$ between 0 and the closeness threshold. The valid closeness indicators are then stored.

The biometric sample ($B$) is also encrypted by determining $y = g^{B} \pmod{p}$ so as to provide the encrypted biometric sample ($y$). The closeness between the received encrypted biometric sample and a candidate encrypted biometric template and the determination that the encrypted biometric sample corresponds to the candidate encrypted biometric template if the closeness between the received encrypted biometric sample and a candidate encrypted biometric template is within a closeness threshold may then be performed by determining if either $y/z \pmod{p}$ or $(y/z)^{-1} \pmod{p}$ is equal to one of the stored valid closeness indicators.

Furthermore, a plurality of biometric templates having a plurality of closeness thresholds may be associated with a user. In such a case, the valid closeness indicator values ($x$), where $x = g^{i} \pmod{p}$, may be generated for integers $i$ between 0 and a highest value of the closeness thresholds associated with the plurality of biometric templates.
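
The encrypted difference-in-value comparison described above, including several templates per user with different closeness thresholds, as an added Python example that is not part of the patent text. The template width, the prime, the base and all template and sample values are toy-sized, constructed assumptions.

```python
# Added illustration: closeness test on encrypted templates (difference in
# value). All parameter values below are constructed, toy-sized samples.

F_BITS = 16            # f: number of bits in a biometric template
P = 2**127 - 1         # public prime p, larger than 2^f
G = 3                  # non-secret integer g, between 2 and p-2


def encrypt(value):
    """Return g^value (mod p): z for a template T, y for a sample B."""
    if not 0 <= value < 2**F_BITS:
        raise ValueError("value does not fit in f bits")
    return pow(G, value, P)


def closeness_indicators(highest_threshold):
    """Store x = g^i (mod p) for i = 0..highest_threshold, keyed by x."""
    return {pow(G, i, P): i for i in range(highest_threshold + 1)}


def encrypted_distance(y, z, indicators):
    """Return |B - T| if the stored indicators cover it, else None.

    Only y, z and the indicator table are used; B and T never appear here.
    """
    ratio = y * pow(z, -1, P) % P      # y/z (mod p) = g^(B-T)
    inverse = pow(ratio, -1, P)        # (y/z)^-1 (mod p) = g^(T-B)
    for candidate in (ratio, inverse):
        if candidate in indicators:
            return indicators[candidate]
    return None


def sample_matches_user(y, user_templates, indicators):
    """user_templates is a list of (z, closeness_threshold) pairs.

    The table is built up to the highest threshold, so each template is
    still checked against its own threshold.
    """
    for z, threshold in user_templates:
        distance = encrypted_distance(y, z, indicators)
        if distance is not None and distance <= threshold:
            return True
    return False


# Constructed enrolment: one user, two templates with different thresholds.
USER_TEMPLATES = [(encrypt(20000), 2), (encrypt(20010), 5)]
INDICATORS = closeness_indicators(max(t for _, t in USER_TEMPLATES))

if __name__ == "__main__":
    for sample in (20001, 20004, 20007, 21000):
        matched = sample_matches_user(encrypt(sample), USER_TEMPLATES, INDICATORS)
        print(sample, matched)
```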

In another embodiment, the closeness between the received encrypted biometric sample and a candidate encrypted biometric template is determined based on a Hamming distance between the biometric sample and the biometric template. Again, the biometric templates ($T$) corresponding to the encrypted biometric templates comprise $f$ bits, a publicly known prime number ($p$) is larger than $2^f$ and a non-secret integer ($g$) is between 2 and $p-2$. The biometric templates ($T$) of valid users are encrypted by determining $z = g^{T} \pmod{p}$ to provide the encrypted biometric templates ($z$) of valid users. A biometric sample ($B$) is encrypted by determining $y = g^{B} \pmod{p}$ so as to provide the encrypted
biometric sample (y). The set of values 2"" for each m and 
n are stored as a set of initial closeness indicators (c), where 
n is the set of integer values from 0 to 2 and m is the set of 
integer values from 0 to f-1. The encrypted biometric 
sample corresponds to the candidate encrypted biometric 
template if the closeness between the received encrypted 
biometric sample and a candidate encrypted biometric tem- 
plate is within a closeness threshold where the closeness 
between the encrypted biometric sample (y) and the 
encrypted biometric template (z) is determined utilizing the 
initial closeness indicators (c). 

In particular, the closeness between the encrypted biometric sample ($y$) and the encrypted biometric template ($z$) may be determined by determining if either $y/z \pmod{p}$ or $(y/z)^{-1} \pmod{p}$ is equal to one of the stored initial closeness indicators. Alternatively, the closeness between the encrypted biometric sample ($y$) and the encrypted biometric template ($z$) may be determined by determining if either $c\,y/z \pmod{p}$, $c\,(y/z)^{-1} \pmod{p}$, $c^{-1}(y/z) \pmod{p}$ or $c^{-1}(y/z)^{-1} \pmod{p}$ is equal to one of the stored initial closeness indicators.
In still another embodiment of the present invention, a secret value is distributed across multiple users by dividing the secret value into a plurality of shares. A canonical biometric template is determined for each of the multiple users and each of the canonical biometric templates encoded to provide corresponding check digits. An offset is determined for each of the multiple users where the offset associated with a user is determined based on the canonical biometric template of the user and a share of the secret value associated with the user. The corresponding offset and check digits are then provided to corresponding ones of the multiple users.

To recover the secret value, a sampled canonical biometric template is obtained from a plurality of the multiple users. Corresponding offset and check digits of the plurality of multiple users are also obtained. The sampled canonical biometric templates are then error corrected utilizing the corresponding check digits of the plurality of multiple users so as to provide corrected canonical biometric templates for the plurality of the multiple users. Shares of the secret value corresponding to the plurality of the multiple users are then determined from the corresponding offset and corrected canonical biometric templates of the plurality of the multiple users. The secret value is then recovered from the determined shares of the secret value.

The canonical biometric template for each of the multiple users may be determined by obtaining a plurality of biometric samples for each of the multiple users and majority decoding the plurality of samples for corresponding ones of the multiple users so as to provide corresponding canonical biometric templates. Furthermore, the canonical biometric templates may be encoded by generating an (N,M,D) code having an M-bit information vector and N-M bits of error correction check digits where the canonical biometric templates comprise M bits. Preferably, the secret value is divided into a plurality of shares where the secret value can be reconstructed from fewer than all of the plurality of shares. The secret value may be a secret key utilized with a public key cryptographic algorithm.

The sampled canonical biometric template may be obtained from a plurality of the multiple users and the corresponding offset and check digits of the plurality of multiple users obtained by receiving from the plurality of multiple users a signed triple which comprises the offset, check digits and sampled canonical biometric templates corresponding to the user. The authenticity of the signature of the signed triple may be verified and the signed triple rejected if the verification fails to authenticate the signature of the signed triple.
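
The distribution and recovery of a secret value described in this embodiment, as an added Python example that is not part of the patent text. It assumes the offset is the XOR of the canonical template and the share, the shares come from a Shamir polynomial over the prime 65521, and the check digits are Hamming(7,4) parity bits for each 4-bit block; the templates, user names and secret are constructed, and signature handling for the triple is left out.

```python
# Added illustration: secret shares bound to biometric templates through an
# offset and error-correction check digits. All values are constructed.
import secrets

Q = 65521                      # prime modulus for the shares, fits in 16 bits
NIBBLES = 4                    # a 16-bit template is four 4-bit blocks
PARITY_MASKS = (0b1011, 0b1101, 0b1110)         # Hamming(7,4) parity rows
SYNDROME_TO_BIT = {0b011: 0, 0b101: 1, 0b110: 2, 0b111: 3}


def check_digits(template):
    """Three parity bits per 4-bit block (N=28, M=16 over the whole template)."""
    digits = 0
    for n in range(NIBBLES):
        nibble = (template >> (4 * n)) & 0xF
        for j, mask in enumerate(PARITY_MASKS):
            parity = bin(nibble & mask).count("1") & 1
            digits |= parity << (3 * n + j)
    return digits


def correct_template(sample, digits):
    """Correct up to one flipped bit per 4-bit block using stored check digits."""
    syndromes = check_digits(sample) ^ digits
    for n in range(NIBBLES):
        syndrome = (syndromes >> (3 * n)) & 0b111
        if syndrome in SYNDROME_TO_BIT:
            sample ^= 1 << (4 * n + SYNDROME_TO_BIT[syndrome])
    return sample


def split_secret(secret, k, n):
    """Shamir shares (x, y): any k of the n shares rebuild the secret."""
    coefficients = [secret] + [secrets.randbelow(Q) for _ in range(k - 1)]
    return [
        (x, sum(c * pow(x, e, Q) for e, c in enumerate(coefficients)) % Q)
        for x in range(1, n + 1)
    ]


def combine_shares(shares):
    """Lagrange interpolation at 0 over the field of Q elements."""
    secret = 0
    for xi, yi in shares:
        numerator = denominator = 1
        for xj, _ in shares:
            if xj != xi:
                numerator = numerator * -xj % Q
                denominator = denominator * (xi - xj) % Q
        secret = (secret + yi * numerator * pow(denominator, -1, Q)) % Q
    return secret


def enroll(secret, templates, k):
    """Give each user (share index, offset, check digits); no share is stored."""
    if not 0 <= secret < Q:
        raise ValueError("secret must be smaller than Q")
    shares = split_secret(secret, k, len(templates))
    return {
        user: (x, template ^ y, check_digits(template))
        for (user, template), (x, y) in zip(templates.items(), shares)
    }


def recover(records, samples, k):
    """Rebuild the secret from at least k users' fresh, noisy samples."""
    if len(samples) < k:
        raise ValueError("not enough users to reach the threshold")
    shares = []
    for user, sample in samples.items():
        x, offset, digits = records[user]
        shares.append((x, offset ^ correct_template(sample, digits)))
    return combine_shares(shares)


# Constructed canonical templates for three users.
TEMPLATES = {"alice": 0xB2F0, "bob": 0x4D0F, "carol": 0xE1C3}

if __name__ == "__main__":
    records = enroll(0xBEEF, TEMPLATES, k=2)
    noisy = {"alice": TEMPLATES["alice"] ^ 0x8421, "carol": TEMPLATES["carol"] ^ 0x0010}
    print(hex(recover(records, noisy, k=2)))
```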

In still another embodiment of the present invention, biometric information is stored by storing a user identification associated with the biometric information, storing each of a plurality of templates of biometric data associated with the user identification and storing an identification of at least one of the plurality of templates as a primary biometric authentication type. Furthermore, a biometric type identification associated with each of the plurality of templates may also be stored. Preferably, the plurality of templates and the identification of the primary biometric authentication type are stored in an array indexed by the user identification.

The primary biometric authentication type may be changed by receiving a message to change the identification of the primary biometric authentication type associated with a user. In such a case, a plurality of biometric validations may be required prior to changing the identification of the primary biometric authentication type associated with the
As will further be appreciated by those of skill in the art, the present invention may be embodied as methods, apparatus/systems and/or computer program products.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is diagram of a data processing system suitable for use with the present invention;

FIG. 2 is a detailed view of a data processing system suitable for use with the present invention;

FIG. 3 is a flowchart illustrating operations according to one embodiment of the present invention;

FIG. 4 is a flowchart illustrating operations according to a first alternative embodiment of the present invention;

FIG. 5 is a flowchart illustrating operations for determining a canonical biometric template for use with the present invention;

FIG. 6 is a flowchart illustrating operations carried out by a user requesting authentication according to one embodiment of the present invention;

FIG. 7 is a flowchart illustrating operations according to an alternative embodiment of the present invention;

FIG. 8 is a flowchart illustrating operations according to a further alternative embodiment of the present invention utilizing a closeness determination;

FIG. 9 is a flowchart illustrating operations for initialization of a system according to one embodiment of the present invention utilizing a closeness determination;

FIG. 10 is a flowchart illustrating operations for evaluating the closeness of encrypted biometric templates according to one embodiment of the present invention utilizing a closeness determination;

FIG. 11 is a flowchart illustrating operations for initialization of a system according to one embodiment of the present invention utilizing error correction coding;

FIG. 12 is a flowchart illustrating operations according to one embodiment of the present invention utilizing error correction coding;

FIG. 13 is a flowchart illustrating operations for initialization of a system according to one embodiment of the present invention for recovering a secret value;

FIG. 14 is a flowchart illustrating operations carried out by a user according to one embodiment of the present invention for recovering a secret value;

FIG. 15 is a flowchart illustrating operations according to one embodiment of the present invention for recovering a secret value; and

FIG. 16 is a flowchart illustrating operations according to an embodiment of the present invention for utilizing multiple biometric templates associated with a user.

DETAILED DESCRIPTION

The present invention now will be described more fully hereinafter with reference to the accompanying drawings, in which preferred embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout.

The present invention can be embodied as systems, methods, or computer program products for multi-party authentication, verification or value generation utilizing biometric information. As is well known to those having skill in the art, biometric information is one or more behavioral and/or physiological characteristics of an individual. Biometric identification and/or verification uses a data processing system to enable automatic identification and/or verification of identity by computer assessment of a biometric characteristic. In biometric verification, biometric information is verified for a known individual. In biometric identification, biometric information for an individual is compared to known biometric information for many individuals in order to identify the individual.

Biometric identification/verification systems, methods and computer program products can measure one or more of the following behavioral and/or physiological characteristics of an individual: fingerprint, hand geometry, iris pattern, facial features, voice characteristics, handwriting dynamics, earlobe characteristics and keystroke dynamics. Other biometric characteristics may be used. Applications using biometric technologies include biometric check cashing machines, payment systems that substitute biometric data for personal identification numbers, access control systems that use biometric data, biometric employee time and attendance recording and biometric passenger control for transportation. Many other applications may utilize biometric information for identification and/or verification. See the publications entitled "Biometrics, Is it a Viable Proposition for Identity Authentication and Access Control", to Kim, Computers & Security, Vol. 14, 1995, pp. 205-214; "A Robust Speaker Verification Biometric", to George et al., Proceedings, the IEEE 29th International Carnahan Conference on Security Technology, October 1995, pp. 41-46; "On Enabling Secure Applications Through Off-line Biometric Identification", to Davida et al., Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 148-157; and "Biometric Encryption: Information Privacy in a Networked World", to Brown et al., EDI Forum: The Journal of Electronic Commerce, v. 10, No. 3, 1997, pp. 37-43.

While the present invention is described herein as utilizing a single biometric type for authentication, as will be appreciated by those of skill in the art, multiple types of biometric data may be utilized for authentication. Thus, for example, fingerprint and iris scan may be used in combination to generate a biometric template for a user. Furthermore, different types of biometric data may be treated individually to provide multiple biometric vectors or templates or combined to provide a single vector or template.

The present invention can take the form of an entirely hardware embodiment, an entirely software (including firmware, resident software, micro-code, etc.) embodiment, or an embodiment containing both software and hardware aspects. Furthermore, the present invention can take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code means embodied in the medium for use by or in connection with an instruction execution system. In the context of this document, a computer-usable or computer-readable medium can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.

The computer-usable or computer-readable medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus, device, or propagation medium. More specific examples (a nonexhaustive list) of the computer-readable
medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM). Note that the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.

Referring now to FIG. 1, an exemplary embodiment of a computer system 30 in accordance with the present invention typically includes input devices 32, such as a keyboard or keypad 31, a microphone 42 and/or preferably, a biometric information input device 35. The computer system 30 also preferably includes a display 34 and a memory 36 that communicate with a processor 38. The computer system 30 may further include a speaker 44 and an I/O data port(s) 46 that also communicate with the processor 38. The I/O data ports 46 can be used to transfer information between the computer system 30 and another computer system or a network (e.g., the Internet). FIG. 1 also illustrates that computer system 30 may include a storage device 40 which communicates with memory 36 and processor 38. Such a storage device may be any type of data storage device as described above. These components are included in many conventional computer systems (e.g., desktop, laptop, or handheld computers) and their functionality is generally known to those skilled in the art.

Furthermore, while the present invention is described with respect to the computer system 30, as will be appreciated by those of skill in the art, the present invention may be incorporated into many other devices where multiple party authentication/verification may be desired and, thus, may comprise an embedded function in many other devices. Thus, the present invention should not be construed as limited to use in computer systems such as illustrated in FIG. 1 but may be incorporated in any device having sufficient processing capabilities to carry out the operations described below. Furthermore, as will be appreciated by those of skill in the art, the present invention may be utilized in a distributed system where multiple users' workstations or other processing systems are operably connected with a central authority processing system. Such systems may include dedicated devices connected to a central processing system, remote processors connected through a network or through direct connection, or other mechanisms for distributing the operations of the present invention across multiple processing systems. While the present invention is described with respect to the processing system in FIG. 1, the present invention should not be construed as limited to operations carried out by a single processing system but should include systems where operations are carried out by multiple processing systems. The processing system of FIG. 1 is, therefore, merely provided as an example of a suitable processing system for use with the present invention and may be utilized as a user's processing system, a central authority processing system or as a single processing system to which multiple users have access.

FIG. 2 is a more detailed block diagram of the computer system 30 that illustrates one application of the teachings of the present invention. The processor 38 communicates with the memory 36 via an address/data bus 48. The processor 38 can be any commercially available or custom microprocessor or other processing system capable of carrying out the operations of the present invention. The memory 36 is representative of the overall hierarchy of memory devices containing the software and data used to implement the functionality of the computer system 30. The memory 36 can include, but is not limited to, the following types of devices: cache, ROM, PROM, EPROM, EEPROM, flash, SRAM, and DRAM. As shown in FIG. 2, the memory 36 may hold four major categories of software and data used in the computer system 30: the operating system 52; the application programs 54; the input/output (I/O) device drivers 58; and the data 56. The I/O device drivers 58 typically include software routines accessed through the operating system 52 by the application programs 54 to communicate with devices such as the input devices 32, the display 34, the speaker 44, the microphone 42, the I/O data port(s) 46, and certain memory 36 components. The application programs 54 comprise the programs that implement the various features of the computer system 30 and preferably include at least one application module or object for multi-party authentication/verification 60 which carries out the operations of the present invention as described below. As will be appreciated by those of skill in the art, the module or object 60 may perform different operations as described below depending on the use of the computer system 30 as a user's workstation, a central authority processing system or a shared processing system.

Finally, the data 56 represents the static and dynamic data used by the application programs 54, operating system 52, I/O device drivers 58, and any other software program that may reside in the memory 36. As illustrated in FIG. 2, the data 56 preferably includes a user identification 70 and biometric data 72 associated with the user. Additional intermediate data (not shown) may also be stored in memory. Furthermore, while the present invention is described as an application executing on computer system 30, as will be appreciated by those of skill in the art, the present invention may be implemented in any number of manners, including incorporation in operating system 52 or in an I/O device driver 58.

The present invention will now be described with respect to FIGS. 3 through 16 which are flowchart illustrations of embodiments of the present invention. It will be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These program instructions may be provided to a processor to produce a machine, such that the instructions which execute on the processor create means for implementing the functions specified in the flowchart block or blocks. The computer program instructions may be executed by a processor to cause a series of operational steps to be performed by the processor to produce a computer implemented process such that the instructions which execute on the processor provide steps for implementing the functions specified in the flowchart block or blocks.

Accordingly, blocks of the flowchart illustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by special purpose hardware-based systems which perform the specified functions or steps, or combinations of special purpose hardware and computer instructions.

The present invention provides for utilizing biometric data in multi-party situations. In the multiparty biometric-
based authentication/verification systems described herein, each user has at least one biometric characteristic measured by the system. These biometric characteristic types (fingerprint, hand geometry, iris pattern, etc.) can be identical or different for each user. Biometric data samples are obtained, such as with biometric input 35, in advance from each user and biometric templates are then calculated from these data for each user. There are $n$ users (where $n>0$), denoted by their user identifications: $U_1, U_2, \ldots, U_n$. The users' pre-computed reference "biometric templates" are denoted by $T_1, T_2, \ldots, T_n$. The users' "biometric samples" taken in real-time are denoted by $B_1, B_2, \ldots, B_n$. To create a valid verification it is necessary that at least $k$ of the users (where $0<k<n$) present valid biometric samples to the system.

FIG. 3 illustrates one embodiment of the present invention. As is illustrated in FIG. 3, an authentication message is obtained from a user (block 100) by, for example, receiving the information at the I/O data ports 46 of computer system 30. The biometric information about the user is extracted from the authentication message (block 102). It is then determined if the biometric information is valid for the user (block 104) and, if so, a valid count is incremented to indicate that the user provided valid biometric information (block 108). It is then determined if the count of valid users exceeds the threshold for allowing authentication (i.e. have k users provided valid biometric information) (block 110). If

identification (i.e. the tuple $(U_i, B_i)$) is extracted from the authentication message (block 200). The stored biometric data is then retrieved utilizing the user identification in the extracted tuple (block 202). A comparison is then made utilizing the stored biometric data $T_i$ and the extracted biometric data $B_i$ (block 204). If the biometric information matches (block 104) then a valid count is incremented to indicate that the user provided valid biometric information (block 108). It is then determined if the count of valid users exceeds the threshold for allowing authentication (i.e. have k users provided valid biometric information) (block 110). If the threshold has been reached, then an indication of authenticity is provided (block 112).

If the biometric information provided by the user is not valid (block 204) or if the authentication threshold has not been reached (block 110), then it is determined if more messages are available to process (block 106). If more messages are available to process then the next message is obtained and the validation process repeated. If however, no more messages are available to process, then there are insufficient users providing valid biometric information and the authentication of the users is rejected (block 114).

In an alternative embodiment of the system of FIG. 4, a canonical biometric template is utilized as the stored and extracted biometric information. The generation of a canonical biometric template may be performed as illustrated in FIG. 5. As stated in Davida et al., if several measurements

the threshold has been reached, then an indication of authen- of a biometric are subjected to majority decoding at the time 

ticity is provided (block 112). of template creation, then that template can be considered 

If the biometric information provided by the user is not the "canonical" biometric template. Majority decoding may 

valid (block 104) or if the authentication threshold has not 3Q not be applicable to all types of biometric templates, but may 

been reached (block 110), then it is determined if more be suitable for use with, for example, iris biometrics. In the 

messages are available to process (block 106). If more event that biometrics are utilized which are not suitable for 

messages are available to process then the next message is majority decoding, then alternative methods of developing a 

obtained and the validation process repeated. If however, no canonical biometric template may be required. As will be 

more messages are available to process, then there are 35 appreciated by those of skill in the art, these methods may 

insufficient users providing valid biometric information and depend on the type of biometric. Furthermore, for some 

the authentication of the users is rejected (block 114). forms of biometrics a canonical biometric template need not 

As will be appreciated by those of skill in the art, the be determined if, for example, there is no variation in 

present invention may be utilized in many different appli- biometric samples. Thus, while the present invention is 

cations. Accordingly, the present invention has been 40 described with regard to majority decoding to develop a 

described with respect to the authentication operations rather canonical template, the present invention should not be 

than the operations for receiving messages, rejecting dupli- construed as requiring use of majority decoding or a canoni- 

cate messages, establishing timeout procedures or establish- cal template for all types of biometrics, 

ing time durations in which received messages are consid- Majority decoding can best be illustrated with an 

ered for authentication. Such specifics of particular uses of 45 example. If one has an odd number of biometric samples, 

the present invention may vary from application to applica- say B,-=10110101, B2= 100101 11, and 63=11 100111, then 

tion and may be readily determined by one of skill in the art the biometric vector obtained via majority decoding would 

in light of the discussion herein. Accordingly, in the interest be B^IOIIOIU. That is, in the three biometric samples (B^, 

of clarity, such application specific details are omitted from B^, and B3) the majority of bits in the first bit position are 

the description of the present invention provided herein as 50 ones, the majority of bits in the second bit position are 

such details would be readily apparent to those of skill in the zeroes, the majority of bits in the third bit position are ones, 

art in light of the particular application to which the teach- and so forth. Thus, as seen in FIG. 5, an odd number of 

ings of the present invention are applied. biometric measurements are obtained for a user (block 300). 

FIG. 4 illustrates a particular embodiment of the present The majority values for bits from the samples are then 

invention illustrated in FIG. 3. In the system illustrated in 55 determined (block 302) and a canonical template established 

FIG. 4, the user identifications (i.e., U J, U2, ... U„) and their using the majority bit values as the bits in the template 

associated biometric templates (i.e., Tj, T2, . . . T„) are stored (block 304). 

in the system in a central database (e.g., at aserver) as tuples The canonical biometric templates of users would then be 

of the form (U„ T,). In this case, the system protects the utilized in the system of FIG. 4 by storing the canonical 

integrity of the stored (U,-, T,-) values. Each user, i, presents eo biometric template for each user. Users would generate a 

user identification (i.e., U,) and the biometric sample (i.e., new template by taking multiple biometric samples and then 

B,) to the system. The system checks each user-supplied majority decoding the samples to provide a new canonical 

tuple (U^, Bj against the associated system tuple (U^., T^). If template. The new canonical template would be provided 

k or more valid uscr-suppfied tuples arc presented to the with the authentication message and compared to the stored 

system, then a valid verification is created. 65 canonical template to determine the validity of the authen- 

Thus, as seen in FIG. 4, an authentication message is lication message. Otherwise, operations would proceed as 

obtained (block lOO) and biometric data for a user and a user described with respect to FIG. 4. 




FIGS. 6 and 7 illustrate a further alternative embodiment
of the present invention. In the alternative embodiment
illustrated in FIGS. 6 and 7, each user, i, presents a "signed
tuple" {(U_i, T_i), Sig(U_i, T_i)} and its biometric sample (i.e.,
B_i) as part of an authentication message. The signed tuple,
for example, can be stored on a card which is then read by
a card reader at the time the user presents its biometric
sample for authentication. The signature of the tuple is
verified and B_i is checked against T_i. If k or more valid
user-supplied signed tuples are presented for authentication
then a valid verification is created.

As seen in FIG. 6, the operations of a user of the signed
authentication system are illustrated. As reflected at block
310, a biometric sample or samples are obtained from the
user. The biometric template is then generated from the
obtained sample or samples (block 312). The user
identification and the biometric template along with the signed
tuple {(U_i, T_i), Sig(U_i, T_i)} are then submitted for
authentication (block 314).

FIG. 7 illustrates operations for processing an authenti- 
cation message, such as that generated in FIG. 6. As is seen 
in FIG. 7, the authentication message is obtained (block 100) 
and the biometric data and user identification extracted from 
the message (block 400). The signature of the signed tuple 
in the message is then verified (block 402). If the signature 
is valid (block 404) then the signed biometric data in the 
tuple is compared to the extracted biometric data of the 
message (block 406). If the extracted and signed biometric 
data matches, then the message is validated and the valid 
count is incremented (block 108). It is then determined if the 
count of valid users exceeds the threshold for allowing 
authentication (i.e. have k users provided valid biometric 
information) (block 110). If the threshold has been reached, 
then an indication of authenticity is provided (block 112). 

If the signature is not valid (block 404) or the signed and
extracted biometric data do not match (block 406), then the
message is rejected and it is determined if more messages
are available for processing (block 106). If more messages
are available to process then the next message is obtained
and the validation process repeated. If however, no more
messages are available to process, then there are insufficient
users providing valid biometric information and the
authentication of the users is rejected (block 114).

As will be appreciated by those of skill in the art in light 
of the above discussion, the biometric data utilized in the 
system of FIGS. 6 and 7 may take the form of a canonical 
biometric template such as generated by the operations of 
FIG. 5. Thus, the embodiment of FIGS. 6 and 7 should not 
be construed as limited to a single biometric sample. 

The alternative embodiment of FIGS. 6 and 7 utilizes a
secret symmetric or public key infrastructure in place to
provide the signature over (U_i, T_i). However, unlike the
alternative embodiment illustrated in FIG. 4, a database of
U_i's and T_i's does not need to be maintained (e.g., at a
server).
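The signed-tuple check of FIGS. 6 and 7, together with the majority decoding of FIG. 5, can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 tag standing in for Sig(U_i, T_i), the issuer key, the message layout and the counting of each user only once are assumptions, and all sample values other than the three FIG. 5 vectors are constructed.

```python
import hashlib
import hmac

ISSUER_KEY = b"constructed-demo-key"  # assumption: symmetric key held by the verifier


def majority_decode(samples):
    """FIG. 5: per-position majority over an odd number of equal-length bit strings."""
    if len(samples) % 2 == 0 or len({len(s) for s in samples}) != 1:
        raise ValueError("need an odd number of equal-length samples")
    half = len(samples) // 2
    return "".join("1" if col.count("1") > half else "0" for col in zip(*samples))


def _encode(user_id, template):
    # Length-prefix both fields so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [user_id.encode(), template.encode()]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def sign_tuple(user_id, template, key=ISSUER_KEY):
    """Enrollment: Sig(U_i, T_i), modelled here as an HMAC-SHA256 tag."""
    return hmac.new(key, _encode(user_id, template), hashlib.sha256).digest()


def message_is_valid(msg, key=ISSUER_KEY):
    """FIG. 7, blocks 402-406: verify the signature, then compare T_i with B_i."""
    expected = sign_tuple(msg["user"], msg["template"], key)
    if not hmac.compare_digest(expected, msg["sig"]):
        return False  # block 404: signature over (U_i, T_i) does not verify
    return hmac.compare_digest(msg["template"].encode(), msg["sample"].encode())


def authenticate(messages, k, key=ISSUER_KEY):
    """Blocks 100-114: succeed once k distinct users have sent valid messages."""
    valid_users = set()
    for msg in messages:
        if message_is_valid(msg, key):
            valid_users.add(msg["user"])  # a repeated user is counted once
            if len(valid_users) >= k:
                return True   # block 112
    return False              # block 114


def make_message(user, card, samples):
    """FIG. 6: present the card's signed tuple plus a freshly decoded sample."""
    template, sig = card
    return {"user": user, "template": template, "sig": sig,
            "sample": majority_decode(samples)}


# Enrollment. The first template is the FIG. 5 example; the rest is constructed.
T_ALICE = majority_decode(["10110101", "10010111", "11100111"])
T_BOB = "00110011"
CARDS = {"alice": (T_ALICE, sign_tuple("alice", T_ALICE)),
         "bob": (T_BOB, sign_tuple("bob", T_BOB))}

ALICE_MSG = make_message("alice", CARDS["alice"],
                         ["10110111", "10110101", "10100111"])
BOB_MSG = make_message("bob", CARDS["bob"],
                       ["00110011", "00110111", "00010011"])
# A self-made tuple with no valid signature, and a borrowed card with the wrong sample.
FORGED_MSG = {"user": "carol", "template": "11110000", "sig": bytes(32),
              "sample": "11110000"}
BORROWED_MSG = make_message("bob", CARDS["bob"], ["11110000"] * 3)
```

Counting distinct user identifications rather than messages keeps one valid user who submits several messages from reaching the threshold alone, a detail the description leaves to the application.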

FIG. 8 describes another alternative embodiment of the
present invention where biometric data is compared based
on a "closeness" of the data rather than an absolute equality.
As is illustrated in FIG. 8, the authentication message is
obtained (block 100) and the biometric data extracted from
the message (block 500). The closeness of reference
biometric data and the extracted biometric data is then
determined (block 502). The closeness may be determined in
many different ways. In particular preferred embodiments,
the closeness is determined based on the difference in value
between the reference biometric data and the extracted
biometric data. Alternatively, the closeness is measured as
the Hamming distance between the reference biometric data
and the extracted biometric data. The Hamming distance
between two binary values is the number of bits in which the
two values differ.

After the closeness is determined, it is then determined if 
the closeness of the reference biometric data and the 
extracted biometric data is within a closeness threshold 
(block 504). If the closeness is within the threshold, then the 
message is a valid message and the valid count is incremented
(block 108). It is then determined if the count of
valid users exceeds the threshold for allowing authentication 
(i.e. have k users provided valid biometric information) 
(block 110). If the threshold has been reached, then an 
indication of authenticity is provided (block 112). 

If the closeness is not within the threshold (block 504) and 
the message is rejected or there have been fewer than k valid 
messages (block 110), then it is determined if more mes- 
sages are available for processing (block 106). If more 
messages are available to process then the next message is 
obtained and the validation process repeated. If however, no
more messages are available to process, then there are
insufficient users providing valid biometric information and
the authentication of the users is rejected (block 114). 

The use of closeness in the multi-party biometric
authentication as illustrated in FIG. 8 may be particularly well
suited to comparing encrypted reference biometric data with
encrypted extracted biometric data. Such a system for
comparing encrypted biometric data is illustrated in FIG. 9 and
FIG. 10. A biometric template T_i may be encrypted to protect
users' privacy or to help protect a proprietary procedure for
computing template values. It is also possible that the system
responsible for authenticating a candidate user cannot
decrypt T_i and, therefore, cannot directly compare B_i and T_i.
This problem could be easily overcome if the biometric
verification/identification consisted of merely checking
whether B_i=T_i. In that case, the system could instead encrypt
B_i and verify that its encrypted value is equal to the
encrypted value of T_i where encryption is performed with
the same key.

However, two samples of biometric data obtained from a 
user may not be exactly the same. That is, the biometric data 
are not precise, and so the biometric data sampled from a 
user are different from the calculated biometric template. 
Therefore, biometric verification/identification may involve 
only a test to determine if B_i is close to T_i in some sense. The
closeness of B_i and T_i does not, however, imply that their
encrypted values are close in any way. However, utilization 
of the operations described in FIGS. 9 and 10 may overcome 
this problem. 

As is seen in FIG. 9, an initialization procedure involves 
generating an array of closeness values based on the close- 
ness threshold and the method of closeness utilized (block 
510). Furthermore, the encrypted biometric template is also 
stored (block 512). 

The encryption and generation of the array of closeness 
values may be generated in several different manners. For 
example, the i-th user's biometric information may be a
vector (B_i,j for j=1,2, ..., m), for some m and this vector
needs to be close to a template vector (T_i,j). However, the
present invention will be described with reference to a
generic user U and a case of m=1, i.e., when the user's
biometric data can be described by one number B. The
closeness of B to T can be expressed as either

(a) |B-T|<d, for some reasonably small value of d, or 

(b) as having the binary representations of B and T differ 
in only a very small number of bits. 
In the first case (a), if f is the number of bits in T, a
publicly known prime number p is established where p is
larger than 2^f and large enough that the discrete logarithm
problem in the multiplicative group of GF(p) could be
considered unsolvable for the purposes of a given application.
Let g be a non-secret integer between 2 and p-2. The
authentication system will store z=g^T (mod p). This will
guarantee that the value of T remains secret. The system will
also store an array A of values g^v (mod p) for all integers v
between 0 and d-1 for all users.

A biometric sample that is measured as B is encrypted by
computing y=g^B (mod p) which is obtained by the
authentication system (block 520). A z value for a potential matching
stored z value is then obtained (i.e. a candidate encrypted
template) (block 522). The closeness (x) of y and the
candidate z is then determined by determining x=y/z=g^(B-T)
(mod p) (block 524). It is then determined if either x (mod p)
or x^-1 (mod p) is in the closeness array A (block 526). If
either x (mod p) or x^-1 (mod p) is in the closeness array A,
then the user's biometric information can be accepted (block
528). If neither x (mod p) or x^-1 (mod p) is in the closeness
array A then it is determined if there are more candidates
(block 530) and if so the procedure is repeated until either
a match is found or all candidates have been processed. If all
candidates have been processed and there remains no match,
then the provided encrypted biometric sample is rejected
(block 532). Optionally, the system may report a forgery
attempt.

The closeness array A, for all users, can be published and,
in any event, it does not need to be kept secret. The
knowledge of its values, even combined with the knowledge
of z does not help an attacker since it is still necessary to
provide the biometric information B sufficiently close to T to
be authenticated.

If several biometric parameters B_i,1, B_i,2, ..., B_i,m are
measured for user i, and it is necessary that |B_i,j-T_i,j|<d_j for
j=1,2, ..., m, then the system need only store the same array
A of values with d=max(d_1, d_2, ..., d_m). Therefore, allowing
for multiple biometric parameters does not increase the
storage overhead in the authenticating system. Similarly, no
additional data in the array needs to be stored to
accommodate multiple users. The same array A can be used to
authenticate every user U_1, U_2, ..., U_n.

If the closeness determination is made based on Hamming
distance (i.e. case (b) above) then the closeness of B and T
means that only a small number h of bits in the binary
representations of B and T differ. Preferably, h is no greater
than 2. If h=1, then, as reflected in block 510 of FIG. 9, an
array C of values {1, g, g^2, g^4, ..., g^(2^(f-1))} may be stored.
Similarly, the encrypted biometric template (z) is
determined as described above and stored (block 512). As with
the previous example, an encrypted biometric sample (y) is
obtained (block 520) and candidate biometric templates (z)
are also obtained (block 522). The closeness is then again
determined as x=y/z=g^(B-T) (mod p) (block 524). If either
x (mod p) or x^-1 (mod p) is in the stored array C, then the
user's biometric information can be accepted (block 528). If
neither x (mod p) or x^-1 (mod p) is in the closeness array C
then it is determined if there are more candidates (block 530)
and if so the procedure is repeated until either a match is
found or all candidates have been processed. If all
candidates have been processed and there remains no match, then
the provided encrypted biometric sample is rejected (block
532). Optionally, the system may report a forgery attempt.

If h=2, then the same array C may be stored. In such a
case, the system checks if for any c in C one of the four
values xc (mod p), x^-1 c (mod p), x c^-1 (mod p), or x^-1 c^-1
(mod p) is in C, where c is a value in the array C. Furthermore, as
with the array A, the same array C may serve multiple users
and different biometric parameters.

Thus, the closeness arrays A and C provide an exhaustive
list of potential valid closeness values if the biometric values
which are encrypted are the same. Accordingly, the present
invention could be extended to other measures of closeness
or increased Hamming distances if an exhaustive list of
potential valid closeness values of the biometric values
which are encrypted may be generated.

As will be appreciated by those of skill in the art, the
encryption closeness determinations described above with
respect to FIGS. 9 and 10 may be readily incorporated into
the system of FIG. 8. Thus, the operations of FIG. 10 may
correspond to the operations of block 100, 500, 502 and 504
of FIG. 8. Accordingly, the embodiment illustrated in FIGS.
8, 9 and 10 provides for multi-party authentication without
requiring decryption of a user's biometric data and further
may take into account variation in biometric data supplied
by a valid user.

FIGS. 11 and 12 describe a further embodiment of the
present invention where error correction is utilized in
multi-party authentication/validation. The error correction
embodiment of FIGS. 11 and 12 utilizes error correction
codes described by Davida et al. identified above. The use of
error correction codes may compensate for the fact that the
biometrics acquired for an individual are not measured
perfectly. Each such measurement can be represented as a
binary vector of 0 and 1 bits, where any one measurement
is at some Hamming distance from other measurements. For
example, the codewords c_1=10110101 and c_2=10010111 are
different in their 3rd and 7th bits, and so c_1 and c_2 have a
Hamming distance of 2. Empirical work in measuring
biometrics, such as the iris, has shown that the expected
Hamming distance is about 10 percent. That is, in any two
biometric samples, about 10 percent of the bits are different.
Moreover, the errors in the measured biometric samples
appear to be independent. Hence, error correction codes can
be used advantageously to transform the "noisy" biometric
samples into a constant or fixed value, which can be used as
a biometric template.

As is seen in FIG. 11, an odd number (j) of biometric
samples are obtained from each user (block 600) and the j
biometric samples are majority decoded as described above
(block 602) to provide a canonical biometric template T for
each user. As described above, the generation of a canonical
biometric template by majority decoding may be limited to
only certain biometric types such as iris biometrics.
However, if suitable substitutes for the canonical biometric
template are available, then alternative biometrics may be
utilized. Once the canonical biometric template T is
obtained, error correction check digits, denoted by C, are
computed on T (block 604). Davida, et al. describe a suitable
algebraic decoding method, called an (N,M,D) code. With
an (N,M,D) code, an information vector of M bits (in our
case, a canonical biometric template T), can be encoded into
a codeword or code vector T^ consisting of the M-bit
information vector concatenated with a (N-M) bit vector of
error correction check digits (C). Once the check bits are
determined, the check bits and the canonical template are
stored for each user (block 606).

The verification process is illustrated in FIG. 12. During
the verification process, j biometric measurements are
independently generated on the user. These j biometric
measurements, or vectors, are put through a majority
decoder to obtain the user's M-bit biometric template T.
This biometric template T is then provided as part of an
authentication message (block 100) and the biometric
template T extracted from the message (block 610). Error
correction is then performed on T using the previously
computed check digits, C, (block 612) to obtain the
corrected biometric template T''. The computed value of T'' is
then compared for equality against the canonical biometric
template T (or reference value) (block 614). If T''=T, then the
user is accepted and the valid count incremented (block 108)
as described above. It is then determined if the count of valid
users exceeds the threshold for allowing authentication (i.e.
have k users provided valid biometric information) (block
110). If the threshold has been reached, then an indication of
authenticity is provided (block 112).

As is seen in block 616, if T'' and T do not match, then the
procedure would be repeated using the values for
additional users, until either a T''=T or until all T*^ values have
been exhausted and no match is found, in which case the
user is not identified and it is determined if more messages
are to be processed (block 106). If more messages are
available to process then the next message is obtained (block
100) and the validation process repeated. If however, no
more messages are available to process, then there are
insufficient users providing valid biometric information and
the authentication of the users is rejected (block 114).
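Returning to the encrypted comparison of FIGS. 9 and 10 described earlier, the following added example (not code from the patent) runs both closeness tests on values that are only ever seen as g^T and g^B. The prime 2^127-1, the base g=3, the function names and all template and sample values are assumptions chosen for a readable demonstration.

```python
P = 2**127 - 1  # public prime; toy size chosen for the demo (assumption)
G = 3           # non-secret base, 2 <= g <= p-2 (assumption)


def encrypt(value):
    """z = g^T mod p for a template, y = g^B mod p for a sample."""
    return pow(G, value, P)


def array_a(d):
    """Case (a): g^v mod p for every v in 0..d-1."""
    return {pow(G, v, P) for v in range(d)}


def array_c(f):
    """Case (b): 1 and g^(2^i) mod p for each of the f bit positions."""
    return {1} | {pow(G, 1 << i, P) for i in range(f)}


def ratio(y, z):
    """Block 524: x = y/z = g^(B-T) mod p, computed without B or T."""
    return y * pow(z, -1, P) % P


def close_by_value(y, z, a):
    """Block 526: x or x^-1 in A means |B-T| < d."""
    x = ratio(y, z)
    return x in a or pow(x, -1, P) in a


def close_by_bits(y, z, c_arr, h=1):
    """h=1: x or x^-1 in C.  h=2: x*c, x^-1*c, x*c^-1 or x^-1*c^-1 in C."""
    x = ratio(y, z)
    xs = (x, pow(x, -1, P))
    if h == 1:
        return any(v in c_arr for v in xs)
    for c in c_arr:
        for m in (c, pow(c, -1, P)):
            if any(v * m % P in c_arr for v in xs):
                return True
    return False


def find_match(y, stored, a):
    """Blocks 522-532: try each candidate z; None means the sample is rejected."""
    for user, z in stored.items():
        if close_by_value(y, z, a):
            return user
    return None


def hamming(b, t):
    """Plain Hamming distance, for comparison with the encrypted test."""
    return bin(b ^ t).count("1")


# Constructed data: templates are held only as z = g^T mod p.
A = array_a(5)                                    # d = 5
C = array_c(6)                                    # 6-bit values
STORED = {"u1": encrypt(1003), "u2": encrypt(1060)}
Z_BITS = encrypt(0b101010)

# Added observation: the test sees only B-T, so 0b100000 against 0b011111
# (difference 1, six differing bits) also satisfies the h=1 check.
CARRY_CASE = close_by_bits(encrypt(0b100000), encrypt(0b011111), C, h=1)
```

The Hamming variant accepts any pair whose arithmetic difference is plus or minus a power of two, so a carry can let values with many differing bits through; an encoding of the template in which that cannot occur has to be chosen by the implementer.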

In another embodiment of the present invention, a secret
value, such as a secret key SK, may be determined from
shares of the secret value distributed to multiple users. Such
an embodiment of the present invention is illustrated in
FIGS. 13, 14 and 15. The operations of FIGS. 13, 14 and 15
allow the secret key SK to be recovered from any k
canonical biometric template values T_1, T_2, ..., T_n and
corresponding offset values O_1, O_2, ..., O_n. The canonical
biometric template values T_1, T_2, ..., T_n need not be stored
within the system, but instead they may be recomputed
(on-the-fly) using the error correction codes described
above.

In the example utilized in describing the operations of
FIGS. 13, 14 and 15, there are n users denoted U_1, U_2, ...,
U_n. There also exists a system-defined public and private
key pair, denoted PK and SK, used with a public key
algorithm (e.g., the RSA cryptographic algorithm) for
generating and verifying signatures. The private key, SK, is
divided into n pieces or shares, denoted S_1, S_2, ..., S_n (block
700). The precomputed shares S_1, S_2, ..., S_n are used with
an (n,k) threshold scheme, such that any k of the shares can
be used to reconstruct the secret key SK. Pre-computed
reference canonical biometric templates are determined for
each user (block 702) and denoted by T_1, T_2, ..., T_n. The
canonical biometric templates are computed from j (j is an
odd number) biometric measurements generated for each
user and put through a majority decoder as described above.
The precomputed shares S_1, S_2, ..., S_n are assigned to users
(block 704) and the canonical biometric templates T_1,
T_2, ..., T_n are used to compute offset values, denoted by
O_1, O_2, ..., O_n, where O_i=S_i⊕T_i for i=1,2, ..., n and ⊕
denotes the Exclusive-OR operation (block 706). An (N,M,D)
code defined by the system is used to compute check
digits, denoted C_1, C_2, ..., C_n, for each canonical biometric
template (block 708).

Each user U_i stores an offset value O_i and check digits C_i
(block 710). In the preferred embodiment of the invention,
the values (U_i, O_i, C_i) are contained in a defined structure,
such as a special biometric certificate, which is signed by a
trusted authority and capable of being verified by the system
using a trusted public key. For example, the system could
make use of a public key infrastructure (PKI) in which
biometric certificates are signed by a certification authority
(CA). The biometric certificates are validated at the time the
system needs to use the information contained within them
to recompute the private signing key SK. Preferably, the
users store the signed triple (U_i, O_i, C_i) for use when
generating the secret key.

In the event that the private signing key is to be recovered,
k users are selected and notified. Each user U_i then carries
out the operations illustrated in FIG. 14. As seen in FIG. 14,
each notified user obtains its previously stored signed triple
(U_i, O_i, C_i) (block 720). An odd number (j) of biometric
measurements are independently generated on user U_i
(block 722). Preferably, the measurements are performed at
system-controlled devices and the integrity of the
measurements can be protected by the system. The j biometric
measurements, or vectors, are put through a majority
decoder to obtain the user U_i's M-bit canonical biometric
template T_i' as described above (block 724). Preferably, the
integrity of the biometric template T_i' once computed is
protected by the system for the duration of its use. The
biometric template T_i' and the signed triple (U_i, O_i, C_i) are
then sent to a central location under the control of the system
where SK is to be recovered (block 726), e.g., a server
controlled by the system.

The operations of FIG. 15 are performed at the central
location when the users' data is received to recover SK at the
central location. A user's template and signed triple are
obtained (block 730) and the signed triple (U_i, O_i, C_i) is
validated using the public key of the trusted authority (e.g.,
a CA) (block 732). If the signed triple is not valid then it is
determined if more user data is available (block 734). If
more user data is available, then the next user data is
obtained and the process begins again. If no more user data is
available, then k valid user data was not received and the
secret value SK cannot be recovered so the operation ends.

If the signed triple is valid, then error correction is
performed on T_i' using check digits C_i to obtain the corrected
biometric template T_i'' (block 736). The values T_i'' and O_i
are then used to compute the candidate value S_i'' as follows:
S_i''=O_i⊕T_i'' (block 738). If fewer than k shares have been
recovered (block 740), then it is determined if more user
data is available (block 734) and if so the process repeated.
If not, then the process ends.

If k shares have been recovered, then each of the
recovered candidate values of S_i'', for each of the k users, is used
with the prescribed (n,k) threshold scheme to recover the
signing key SK (block 742). Those skilled in the art will
recognize that S_i''=S_i for each of the k users only if the users
are valid, since only then are the users able to provide the
correct j biometric measurements that will enable the
recovery steps and the (n,k) threshold scheme itself to succeed.
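The enrollment and recovery of FIGS. 13 to 15, including the check-digit correction of FIGS. 11 and 12, can be followed end to end in this added example (not code from the patent). Assumptions: Shamir's polynomial scheme over the prime 65521 as the (n,k) threshold scheme, a Hamming(7,4) code applied to each 4-bit block as the (N,M,D) code, 16-bit templates and constructed values; the signature check on the triple (block 732) is left out.

```python
import secrets

Q = 65521   # prime below 2^16, so every share fits an M-bit value (assumption)
M = 16      # template length in bits (assumption)
SYNDROME_TO_BIT = {3: 0, 5: 1, 6: 2, 7: 3}   # Hamming(7,4) syndromes of data bits


def majority(samples):
    """Blocks 602/724: bitwise majority over an odd number of M-bit samples."""
    half = len(samples) // 2
    return sum(1 << i for i in range(M) if sum(s >> i & 1 for s in samples) > half)


def check_digits(t):
    """Blocks 604/708: three parity bits C for each 4-bit block of T."""
    out = []
    for n in range(0, M, 4):
        d = [(t >> (n + b)) & 1 for b in range(4)]
        out.append((d[0] ^ d[1] ^ d[3]) | (d[0] ^ d[2] ^ d[3]) << 1
                   | (d[1] ^ d[2] ^ d[3]) << 2)
    return out


def correct(t_noisy, checks):
    """Blocks 612/736: repair at most one flipped bit per block using stored C."""
    fixed = t_noisy
    for blk, (stored, seen) in enumerate(zip(checks, check_digits(t_noisy))):
        bit = SYNDROME_TO_BIT.get(stored ^ seen)
        if bit is not None:
            fixed ^= 1 << (4 * blk + bit)
    return fixed


def split(secret, n, k):
    """Block 700: Shamir shares (x, S) of the secret; any k of them recover it."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, e, Q) for e, c in enumerate(coeffs)) % Q)
            for x in range(1, n + 1)]


def combine(shares):
    """Block 742: Lagrange interpolation at 0."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % Q
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


def enroll(secret, templates, k):
    """FIG. 13: keep only (x, O_i = S_i xor T_i, C_i) per user; shares are dropped."""
    shares = split(secret, len(templates), k)
    return {u: {"x": x, "offset": s ^ t, "checks": check_digits(t)}
            for (u, t), (x, s) in zip(templates.items(), shares)}


def verify_template(t_ref, checks, samples):
    """FIG. 12: the corrected template T'' must equal the reference T."""
    return correct(majority(samples), checks) == t_ref


def recover(records, fresh, k):
    """FIGS. 14-15: S_i'' = O_i xor T_i'' for k users, then the threshold scheme."""
    shares = []
    for user, samples in fresh.items():
        rec = records[user]
        t2 = correct(majority(samples), rec["checks"])
        shares.append((rec["x"], rec["offset"] ^ t2))
        if len(shares) == k:
            return combine(shares)
    return None   # fewer than k users supplied data


# Constructed demo values.
SK = 31337
TEMPLATES = {"alice": 0xB5A7, "bob": 0x3C19, "carol": 0x7E42}
RECORDS = enroll(SK, TEMPLATES, k=2)
# Two of three readings share a wrong bit, so majority decoding alone is not enough.
ALICE = [0xB5A6, 0xB5A6, 0xB4A7]
BOB = [0x3C59, 0x3C19, 0x3C59]
IMPOSTOR = [0x0F0F, 0x0F0F, 0x0F0F]
```

The check digits are parities of T and therefore disclose part of it; the 12 check bits per 16-bit template used here are a toy ratio chosen to keep the code short.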

In the recovery system of FIGS. 13, 14 and 15, the
pre-computed shares S_1, S_2, ..., S_n are preferably kept secret.
This implies that offset values O_1, O_2, ..., O_n should also
be kept secret, since the biometric data will (for practical
purposes) be treated by the system as non-secret data.
Therefore, it is preferred that each user protect the secrecy
of their assigned offset value, and that the offset values are
encrypted during periods in which they are transmitted to the
central authority where they are used to recover the key
SK. Those skilled in the art will also recognize that there are
many different protocols for establishing an encryption key
between a user and a central authority (e.g., a server) and for
accomplishing the required encryption operation.
Accordingly, the present invention is not limited to any
particular encryption methodology utilized between the user
and the central authority.

As will be appreciated by those of skill in the art, the
recovery system of FIGS. 13, 14 and 15 may also be utilized
for multiparty authentication by testing the recovered secret
value against a previously stored version of the secret value
to determine if the two values correspond. If the recovered
and stored secret values correspond, then the multiple
parties are authenticated.

As each of the above described embodiments of the 
present invention allow for the use of multiple types of 
biometric information, it is preferred that the biometric 
information and types of biometric information associated 
with a user be maintained in a manner which allows for 
revising and/or changing the utilization of the biometric 
information for a given user. For example, the same exact 
biometric method may not withstand the test of time, due to 
different physical traits in individuals, due to injury relating 
to a body part associated with the particular biometric 
method, or due to any number of other factors, including 
social acceptance of certain techniques. Therefore, it is 
preferred that the embodiments of the present invention be
capable of allowing different biometric validation
techniques to be used concurrently or substituted over time.

To that end, it is preferred that a validation table which 
may be referred to as a "Biometric Substitution Table" be 
utilized in tracking biometric information associated with a 
user. This table is addressed with the user's user identifica- 
tion and contains the user identification (User ID), a primary 
biometric authentication value associated with the User ID, 
biometric templates associated with the User ID and, 
preferably, an identification of the type of biometric associated
with each of the biometric template values. An
example of such a table is illustrated in Table 1. 

TABLE 1

Biometric Substitution Table

User ID    Primary Biometric    Biometric      Biometric
           Authentication       Type           Template

User 1     Voice                Right Thumb    011001 ...
                                Facial Scan    101010 ...
                                Voice          1100?1 ...
                                Left Iris      111000 ...

User 2     Facial Scan          Right Thumb    010111 ...
                                Facial Scan    100101 ...
                                Voice          001010 ...
                                Left Iris      110101 ...

User n     Left Iris            Right Thumb    101111
                                Facial Scan    111010
                                Voice          110111
                                Left Iris      000101


The above table may be utilized with the various embodi- 
ments of the present invention to store either encrypted or 
un-encrypted biometric templates, check bits or other biometric
information associated with a user. Furthermore,
while various embodiments of the present invention have 
been described as performing an exhaustive search to com- 
pare biometric information, as will be appreciated by those 
of skill in the art, if a user identification is provided by the 
users, then a comparison of only biometric information 
stored in the table associated with the user identification may 
be performed. 

The above table structure allows for adding new biometric 
information associated with a user as well as changing the 
biometric information utilized to match with user provided 
biometric information by changing the primary biometric 
authentication type for a user. A procedure for changing the 
primary biometric authentication type of a user is illustrated 
in FIG. 16.






Changing the primary biometric authentication type for a
user requires x distinct biometric validations. The number x
is defined by a security policy. The ability to change the
primary validation mechanism allows new and improved
biometric techniques to be integrated over time and allows
flexibility in implementation.

As an example, suppose that User 1, whose primary 
biometric authentication type is voice, would like to change 
its primary biometric authentication type to facial scan. 
Suppose, also, that two distinct biometric validations are 
required in order for the change to be authorized (i.e., x=2 
for User 1). In that case, biometric validations based on any
two biometric types (right thumb, facial scan, voice or left
iris) would permit User 1's primary biometric authentication
type to be changed from voice to facial scan. Thus, as seen
in FIG. 16, User 1 would request to change the primary 
biometric authentication type and provide at least two dif- 
ferent types of biometric information with the message 
(block 800). It would then be determined if the biometric 
information provided is sufficient to allow the primary 
biometric authentication type to be changed (block 802). If 
two different types of valid biometric information are not 
provided, then the message is rejected (block 804). 
Otherwise, the primary biometric authentication type is 
changed to the requested type and the table is updated to 
reflect the change (block 806). 
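The FIG. 16 procedure (blocks 800 to 806) can be exercised with a small in-memory version of the Biometric Substitution Table; this Python example is added here and is not code from the patent. The template bit strings, the Hamming-distance match with a threshold of one bit, and all class and function names are constructed for the illustration.

```python
from dataclasses import dataclass


def hamming(a, b):
    """Count differing positions between two equal-length bit strings."""
    return sum(x != y for x, y in zip(a, b))


@dataclass
class Entry:
    """Table rows for a single User ID."""
    primary: str          # primary biometric authentication type
    templates: dict       # biometric type -> enrolled template (bit string)
    required: int = 2     # x: distinct validations demanded by the security policy


class SubstitutionTable:
    def __init__(self, closeness_threshold=1):
        self.rows = {}                        # User ID -> Entry
        self.closeness_threshold = closeness_threshold

    def validated_types(self, user_id, samples):
        """Return the set of biometric types for which a supplied sample matches."""
        entry = self.rows[user_id]
        matched = set()
        for btype, bits in samples:
            template = entry.templates.get(btype)
            if template is None or len(bits) != len(template):
                continue                      # unknown type or malformed sample
            if hamming(bits, template) <= self.closeness_threshold:
                matched.add(btype)            # a set: repeats of one type count once
        return matched

    def change_primary(self, user_id, new_type, samples):
        """Blocks 800-806: return True if the change was authorized and applied."""
        entry = self.rows.get(user_id)
        if entry is None or new_type not in entry.templates:
            return False                      # block 804: nothing enrolled to switch to
        if len(self.validated_types(user_id, samples)) < entry.required:
            return False                      # block 804: fewer than x distinct validations
        entry.primary = new_type              # block 806: update the table
        return True


def demo_table():
    """Constructed sample data; the bit strings are not the values of Table 1."""
    table = SubstitutionTable(closeness_threshold=1)
    table.rows["User 1"] = Entry(
        primary="Voice",
        templates={"Right Thumb": "010110", "Facial Scan": "100011",
                   "Voice": "110100", "Left Iris": "001101"},
        required=2,
    )
    return table


if __name__ == "__main__":
    t = demo_table()
    # Two voice samples are one distinct validation, so the request is rejected.
    print(t.change_primary("User 1", "Facial Scan",
                           [("Voice", "110100"), ("Voice", "110101")]))
    # Voice plus a left-iris sample one bit from its template: accepted.
    print(t.change_primary("User 1", "Facial Scan",
                           [("Voice", "110100"), ("Left Iris", "001111")]))
    print(t.rows["User 1"].primary)
```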

The present invention has been described with reference
to "messages" and "authentication messages"; however, as
will be appreciated by those of skill in the art, the messages 
according to the present invention may be initiated by a user 
or user's processor or may be received in response to a 
request for authentication information from a central author- 
ity. Furthermore, the present invention should not be limited 
to any particular format for messages but the term message 
is used in a generic sense to describe the conveying of 
information to the object, process, program or processor 
which utilizes the information for authentication, validation 
or value generation. 

In the drawings and specification, there have been dis- 
closed typical preferred embodiments of the invention and, 
although specific terms are employed, they are used in a 
generic and descriptive sense only and not for purposes of 
limitation, the scope of the invention being set forth in the 
following claims. 

That which is claimed is: 

1. A method of multi-party authentication wherein bio-
metric templates (T) corresponding to encrypted biometric
templates comprise f bits, wherein a publicly known prime
number (p) is larger than 2^f, and wherein a non-secret integer
(g) is between 2 and p-2, the method comprising the steps
of:

receiving a plurality of biometric authentication messages
associated with a corresponding plurality of users
wherein the biometric authentication messages include
biometric data corresponding to the users that com-
prises an encrypted biometric sample;

determining if each of the plurality of received biometric
authentication messages is a valid message based on
the biometric data contained in the biometric authen-
tication message so as to determine a quantity of valid
biometric authentication messages;

providing an indication of authentication if the quantity of
the valid messages of the received plurality of mes-
sages is at least an authentication threshold value of
messages for different users of the plurality of users
having different biometric data;

wherein a closeness between the received encrypted bio-
metric sample and a candidate encrypted biometric
template is determined based on a difference in value
between the biometric sample and the biometric
template, and wherein the step of determining com-
prises the steps of:

comparing the received encrypted biometric sample
with encrypted biometric templates of valid users;
and

determining that the received biometric authentication
message is a valid message if the comparison indi-
cates that the received encrypted biometric sample
corresponds to an encrypted biometric template of a
valid user;

wherein the step of comparing comprises the steps of:

determining a closeness between the received
encrypted biometric sample and a candidate
encrypted biometric template; and

determining that the encrypted biometric sample cor-
responds to the candidate encrypted biometric tem-
plate if the closeness between the received encrypted
biometric sample and a candidate encrypted biomet-
ric template is within a closeness threshold;

encrypting biometric templates (T) of valid users by
determining z=g^T (mod p) to provide the encrypted
biometric templates (z) of valid users;

generating valid closeness indicator values (x) where
x=g^v (mod p) for v having integer values between 0
and a closeness threshold; and

storing the valid closeness indicators.

2. A method according to claim 1, wherein the received
biometric authentication messages comprise a user identifi-
cation and user biometric data and wherein the step of
determining comprises the steps of:

comparing the received user biometric data with previ-
ously stored biometric data corresponding to the user
identification of the received biometric authentication
message; and

determining that the received biometric authentication
message is a valid message if the comparison indicates
that the received user biometric data corresponds to the
stored biometric data.

3. A method according to claim 2, wherein the received 
user biometric data comprises a canonical biometric tem- 
plate generated from a plurality of biometric samples and 
wherein the previously stored biometric data comprises a 
canonical biometric template generated from a plurality of 
biometric samples. 

4. A method according to claim 3, wherein the canonical 
biometric templates are generated by majority decoding the 
plurality of biometric samples. 

5. A method according to claim 1, wherein the user 
biometric data and the stored biometric data comprise at 
least one of fingerprint, hand geometry, iris pattern, facial 
features, voice characteristics, handwriting dynamics, ear- 
lobe characteristics and keystroke dynamics. 

6. A method according to claim 1, wherein the received 
biometric authentication message comprise a sample of 
biometric information from a user and a signed tuple com- 
prising a user identification and a biometric template corre- 
sponding to the user, and wherein the step of determining 
comprises the steps of: 

verifying the signature of the signed tuple; 

comparing the received sample of user biometric data 
with the biometric template of the received tuple if the 
signature of the signed tuple is verified; and

determining that the received biometric authentication 
message is a valid message if the comparison indicates
that the received sample of user biometric data corre-
sponds to the biometric template of the signed tuple.

7. A method according to claim 6, wherein the step of 
comparing comprises the steps of: 

determining a closeness between the received sample of 
user biometric data and the biometric template of the
signed tuple; and 

determining that the received sample of user biometric 
data corresponds to the biometric template of the 
signed tuple if the closeness between the received 
sample of user biometric data and the biometric tem-
plate of the signed tuple is within a predefined close-
ness threshold.

8. A method according to claim 1 further comprising the 
steps of: 

encrypting a biometric sample (B) by determining y=g^B
(mod p) so as to provide the encrypted biometric
sample (y); and 

wherein the step of determining a closeness between the 
received encrypted biometric sample and a candidate 
encrypted biometric template and the step of determin- 
ing that the encrypted biometric sample corresponds to 
the candidate encrypted biometric template if the close- 
ness between the received encrypted biometric sample 
and a candidate encrypted biometric template is within 
a closeness threshold comprise the step of determining 
if at least one of y/z (mod p) and (y/z)^-1 (mod p) is equal
to one of the stored valid closeness indicator. 

9. A method according to claim 1, wherein the biometric 
templates associated with a user comprises a plurality of 
biometric template having a plurality of closeness thresholds 
associated therewith, and wherein the step of generating 
valid closeness indicator values (x) where x=g^v (mod p) for
v having integer values between 0 and the closeness thresh-
old comprises the step of generating valid closeness indica-
tor values (x) where x=g^v (mod p) for v having integer values
between 0 and a highest value of the closeness thresholds
associated with the plurality of biometric templates.

10. A method of multi-party authentication wherein a
closeness between the received encrypted biometric sample
and a candidate encrypted biometric template is determined
based on a hamming distance between the biometric sample
and the biometric template, wherein biometric templates (T)
corresponding to the encrypted biometric templates com-
prise f bits, wherein a publicly known prime number (p) is
larger than 2^f, wherein a non-secret integer (g) is between 2
and p-2:

receiving a plurality of biometric authentication messages
associated with a corresponding plurality of users
wherein the biometric authentication messages include
biometric data corresponding to the users that com-
prises an encrypted biometric sample;

determining if each of the plurality of received biometric
authentication messages is a valid message based on
the biometric data contained in the biometric authen-
tication message so as to determine a quantity of valid
biometric authentication messages;

providing an indication of authentication if the quantity of
the valid messages of the received plurality of mes-
sages is at least an authentication threshold value of
messages for different users of the plurality of users
having different biometric data;

wherein the step of determining comprises the steps of:

comparing the received encrypted biometric sample
with encrypted biometric templates of valid users;
and

determining that the received biometric authentication
message is a valid message if the comparison indi-
cates that the received encrypted biometric sample
corresponds to an encrypted biometric template of a
valid user;

wherein the step of comparing comprises the steps of:

determining a closeness between the received
encrypted biometric sample and a candidate
encrypted biometric template; and

determining that the encrypted biometric sample cor-
responds to the candidate encrypted biometric tem-
plate if the closeness between the received encrypted
biometric sample and a candidate encrypted biomet-
ric template is within a closeness threshold;

encrypting biometric templates (T) of valid users by
determining z=g^T (mod p) to provide the encrypted
biometric templates (z) of valid users;

encrypting a biometric sample (B) by determining y=g^B
(mod p) so as to provide the encrypted biometric
sample (y);

storing the set of values 2*^ for each m and n where n is 
the set of integer values from 0 to 2 and m is the set of 
integer values from 0 to f-1 as a set of initial closeness 
indicators (c); and 
wherein the step of determining a closeness between the 
received encrypted biometric sample and a candidate 
encrypted biometric template and the step of determin- 
ing that the encrypted biometric sample corresponds to 
the candidate encrypted biometric template if the close-
ness between the received encrypted biometric sample
and a candidate encrypted biometric template is within 
a closeness threshold comprise the step of determining 
the closeness between the encrypted biometric sample 
(y) and the encrypted biometric template (z) utilizing 
the initial closeness indicators (c). 

11. A method according to claim 10, wherein the step of 
determining the closeness between the encrypted biometric 
sample (y) and the encrypted biometric template (z) utilizing 
the initial closeness indicators (c) comprises the step of 
determining if at least one of y/z (mod p) and (y/z)^-1 (mod
p) is equal to one of the stored initial closeness indicators. 

12. A method according to claim 10, wherein the step of 
determining the closeness between the encrypted biometric 
sample (y) and the encrypted biometric template (z) utilizing 
the initial closeness indicators (c) comprises the step of 
determining if at least one of cy/z (mod p), c(y/z)^-1 (mod p),
c^-1(y/z) (mod p) and c^-1(y/z)^-1 (mod p) is equal to one of the
stored initial closeness indicators. 

13. A method of distributing a secret value across multiple 
users, the method comprising the steps of: 

dividing the secret value into a plurality of shares;

determining a canonical biometric template for each of
the multiple users;

encoding each of the canonical biometric templates to
provide corresponding check digits; and

determining offsets for each of the multiple users wherein
an offset associated with a user is determined based on
the canonical biometric template of the user and a share
of the secret value associated with the user.

14. A method according to claim 13, further comprising 
the step of providing the corresponding offset and check
digits to corresponding ones of the multiple users. 

15. A method according to claim 13, further comprising
the steps of:

obtaining a sampled canonical biometric template from a
plurality of the multiple users;

obtaining corresponding offset and check digits of the
plurality of multiple users;

error correcting the sampled canonical biometric tem-
plates utilizing the corresponding check digits of the
plurality of multiple users so as to provide corrected
canonical biometric templates for the plurality of the
multiple users;

determining shares of the secret value corresponding to
the plurality of the multiple users from the correspond-
ing offset and corrected canonical biometric templates
of the plurality of the multiple users; and

recovering the secret value from the determined shares of
the secret value.

16. A method according to claim 13, wherein the step of 
determining a canonical biometric template for each of the 
multiple users comprises the steps of: 

obtaining a plurality of biometric samples for each of the 
multiple users; and 

majority decoding the plurality of samples for corre- 
sponding ones of the multiple users so as to provide 
corresponding canonical biometric templates. 

17. A method according to claim 13, where the step of 
encoding each of the canonical biometric templates to 
provide corresponding check digits, comprises the step of 
generating an (N,M,D) code having an M-bit information 
vector and N-M bits of error correction check digits where 
the canonical biometric templates comprise M bits. 

18. A method according to claim 13, wherein the step of 
dividing the secret value into a plurality of shares comprises
the step of dividing the secret value into a plurality of shares 
where the secret value can be reconstructed from fewer than 
all of the plurality of shares. 

19. A method according to claim 13, wherein the secret 
value is a secret key utilized with a public key cryptographic 
algorithm. 

20. A method according to claim 15, wherein the step of 
obtaining a sampled canonical biometric template from a 
plurality of the multiple users and the step of obtaining 
corresponding offset and check digits of the plurality of
multiple users comprise the step of receiving from the 
plurality of multiple users a signed triple which comprises 
the offset, check digits and sampled canonical biometric
templates corresponding to the user. 

21. A method according to claim 20 further comprising 
the steps of: 

verifying the authenticity of the signature of the signed 
triple; and 

rejecting the signed triple if the verifying step fails to 
authenticate the signature of the signed triple. 

22. A system for multi-party authentication, wherein 
biometric templates (T) corresponding to encrypted biomet- 
ric templates comprise f bits, wherein a publicly known 
prime number (p) is larger than 2^f, and wherein a non-secret
integer (g) is between 2 and p-2, comprising: 

means for receiving a plurality of biometric authentication 
messages from a corresponding plurality of users 
wherein the biometric authentication messages include 
biometric data corresponding to the user that comprises 
an encrypted biometric sample; 

means for determining if each of the plurality of received
biometric authentication messages is a valid message 
based on the biometric data contained in the biometric 
authentication messages so as to determine a quantity
of valid biometric authentication messages; and

means for providing an indication of authentication if the 
quantity of the valid messages of the received plurality
of messages is at least an authentication threshold value
of messages for different users of the plurality of users 
having different biometric data; 
wherein a closeness between the received encrypted bio- 
metric sample and a candidate encrypted biometric 
template is determined based on a difference in value 
between the biometric sample and the biometric 
template, and wherein the means for determining com- 
prises: 

means for comparing the received encrypted biometric 
sample with encrypted biometric templates of valid 
users; and 

means for determining that the received biometric 
authentication message is a valid message if the 
comparison indicates that the received encrypted 
biometric sample corresponds to an encrypted bio- 
metric template of a valid user, 
wherein the means for comparing comprises: 

means for determining a closeness between the 
received encrypted biometric sample and a candidate 
encrypted biometric template; and 

means for determining that the encrypted biometric 
sample corresponds to the candidate encrypted bio- 
metric template if the closeness between the received 
encrypted biometric sample and a candidate 
encrypted biometric template is within a closeness 
threshold; 

means for encrypting biometric templates (T) of valid 
users by determining z=g^T (mod p) to provide the
encrypted biometric templates (z) of valid users; 

means for generating valid closeness indicator values (x) 
where x=g^v (mod p) for v having integer values
between 0 and a closeness threshold; and 

means for storing the valid closeness indicators. 

23. A system for distributing a secret value across multiple 
users, comprising: 

means for dividing the secret value into a plurality of 
shares; 

means for determining a canonical biometric template for
each of the multiple users;

means for encoding each of the canonical biometric
templates to provide corresponding check digits;

means for determining offsets for each of the multiple
users wherein an offset associated with a users is
determined based on the canonical biometric template
of the user and a share of the secret value associated
with the user; and

means for providing the corresponding offset and check
digits to corresponding ones of the multiple users.

24. A computer program product for multi-party authen-
tication wherein biometric templates (T) corresponding to
encrypted biometric templates comprise f bits, wherein a
publicly known prime number (p) is larger than 2^f, and
wherein a non-secret integer (g) is between 2 and p-2, 
comprising: 

a computer-readable storage medium having computer-
readable program code means embodied in said
medium, said computer-readable program code means 
comprising: 

computer-readable program code means for receiving a 
plurality of biometric authentication messages from a 
corresponding plurality of users wherein the biometric 
authentication messages include biometric data corre- 
sponding to the user that comprises an encrypted bio-
metric sample;

computer-readable program code means for determining
if each of the plurality of received biometric authenti- 
cation messages is a valid message based on the 
biometric data contained in the biometric authentica- 
tion messages so as to determine a quantity of valid 
biometric authentication messages; and 
computer-readable program code means for providing an 
indication of authentication if the quantity of the valid
messages of the received plurality of messages is at 
least an authentication threshold value of messages for 
different users of the plurality of users having different 
biometric data; 
wherein a closeness between the received encrypted bio- 
metric sample and a candidate encrypted biometric 
template is determined based on a difference in value 
between the biometric sample and the biometric 
template, and wherein the computer-readable program 
code means for determining comprises: 
computer-readable program code means for comparing
the received encrypted biometric sample with 
encrypted biometric templates of valid users; and 
computer-readable program code means for determin-
ing that the received biometric authentication mes-
sage is a valid message if the comparison indicates 
that the received encrypted biometric sample corre- 
sponds to an encrypted biometric template of a valid 
user; 

wherein the computer-readable program code means for 
comparing comprises: 

computer-readable program code means for determin-
ing a closeness between the received encrypted bio-
metric sample and a candidate encrypted biometric 
template; and 
computer-readable program code means for determin- 
ing that the encrypted biometric sample corresponds 
to the candidate encrypted biometric template if the 
closeness between the received encrypted biometric 
sample and a candidate encrypted biometric template 
is within a closeness threshold; 
computer-readable program code means for encrypting 
biometric templates (T) of valid users by determining 
z=g^(mod p) to provide the encrypted biometric tem- 
plates (z) of valid users; 
computer-readable program code means for generating 
valid closeness indicator values (x) where x=g^v (mod p)
for v having integer values between 0 and a closeness
threshold; and 

computer-readable program code means for storing the 
valid closeness indicators. 

25. A computer program product for distributing a secret 
value across multiple users, comprising: 

a computer-readable storage medium having computer- 
readable program code means embodied in said 
medium, said computer-readable program code means 
comprising: 

computer-readable program code means for dividing the
secret value into a plurality of shares;

computer-readable program code means for determining a
canonical biometric template for each of the multiple
users;

computer-readable program code means for encoding 
each of the canonical biometric templates to provide 
corresponding check digits; 

computer-readable program code means for determining 
offsets for each of the multiple users wherein an offset
associated with a users is determined based on the
canonical biometric template of the user and a share of
the secret value associated with the user; and

computer-readable program code means for providing the
corresponding offset and check digits to corresponding
ones of the multiple users.

26. A system for multi-party authentication wherein a 
closeness between the received encrypted biometric sample 
and a candidate encrypted biometric template is determined 
based on a hamming distance between the biometric sample 
and the biometric template, wherein biometric templates (T) 
corresponding to the encrypted biometric templates com- 
prise f bits, wherein a publicly known prime number (p) is 
larger than 2^f, wherein a non-secret integer (g) is between 2
and p-2, comprising: 

means for receiving a plurality of biometric authentication 
messages associated with a corresponding plurality of 
users wherein the biometric authentication messages 
include biometric data corresponding to the users that 
comprises an encrypted biometric sample; 
means for determining if each of the plurality of received 
biometric authentication messages is a valid message 
based on the biometric data contained in the biometric 
authentication message so as to determine a quantity of 
valid biometric authentication messages; 
means for providing an indication of authentication if the 
quantity of the valid messages of the received plurality 
of messages is at least an authentication threshold value 
of messages for different users of the plurality of users 
having different biometric data; 
wherein the means for determining comprises: 

means for comparing the received encrypted biometric 
sample with encrypted biometric templates of valid 
users; and 

means for determining that the received biometric 
authentication message is a valid message if the 
comparison indicates that the received encrypted 
biometric sample corresponds to an encrypted bio-
metric template of a valid user;
wherein the means for comparing comprises: 

means for determining a closeness between the 
received encrypted biometric sample and a candidate 
encrypted biometric template; and 

means for determining that the encrypted biometric 
sample corresponds to the candidate encrypted bio- 
metric template if the closeness between the received 
encrypted biometric sample and a candidate 
encrypted biometric template is within a closeness 
threshold; 

means for encrypting biometric templates (T) of valid 
users by determining z=g^T (mod p) to provide the
encrypted biometric templates (z) of valid users; 

means for encrypting a biometric sample (B) by deter-
mining y=g^B (mod p) so as to provide the encrypted
biometric sample (y); 

means for storing the set of values 2'*" for each m and n 
where n is the set of integer values from 0 to 2 and m 
is the set of integer values from 0 to f-1 as a set of 
initial closeness indicators (c); and 

wherein the means for determining a closeness between 
the received encrypted biometric sample and a candi- 
date encrypted biometric template and the means for 
determining that the encrypted biometric sample cor- 
responds to the candidate encrypted biometric template 
if the closeness between the received encrypted bio-
metric sample and a candidate encrypted biometric
template is within a closeness threshold comprise 
means for determining the closeness between the 
encrypted biometric sample (y) and the encrypted bio- 
metric template (z) utilizing the initial closeness indi- 
cators (c). 

27. A computer program product for multi-party authen-
tication wherein a closeness between the received encrypted
biometric sample and a candidate encrypted biometric tem- 
plate is determined based on a hamming distance between 
the biometric sample and the biometric template, wherein 
biometric templates (T) corresponding to the encrypted 
biometric templates comprise f bits, wherein a publicly
known prime number (p) is larger than 2^f, wherein a non-
secret integer (g) is between 2 and p-2, comprising:

a computer-readable storage medium having computer-
readable program code means embodied in said
medium, said computer-readable program code means 
comprising: 

computer-readable program code means for receiving a 
plurality of biometric authentication messages associ- 
ated with a corresponding plurality of users wherein the 
biometric authentication messages include biometric 
data corresponding to the users that comprises an 
encrypted biometric sample; 

computer-readable program code means for determining 
if each of the plurality of received biometric authenti-
cation messages is a valid message based on the
biometric data contained in the biometric authentica- 
tion message so as to determine a quantity of valid 
biometric authentication messages; 

computer-readable program code means for providing an 
indication of authentication if the quantity of the valid 
messages of the received plurality of messages is at 
least an authentication threshold value of messages for 
different users of the plurality of users having different 
biometric data; 

wherein the computer-readable program code means for 
determining comprises: 

computer-readable program code means for comparing
the received encrypted biometric sample with 
encrypted biometric templates of valid users; and 

computer-readable program code means for determin-
ing that the received biometric authentication mes-
sage is a valid message if the comparison indicates 
that the received encrypted biometric sample corre- 
sponds to an encrypted biometric template of a valid 
user; 

wherein the computer-readable program code means for 
comparing comprises: 

computer-readable program code means for determin-
ing a closeness between the received encrypted bio-
metric sample and a candidate encrypted biometric 
template; and 

computer-readable program code means for determin-
ing that the encrypted biometric sample corresponds
to the candidate encrypted biometric template if the 
closeness between the received encrypted biometric 
sample and a candidate encrypted biometric template 
is within a closeness threshold; 
computer-readable program code means for encrypting 
biometric templates (T) of valid users by determining 
z=g^T (mod p) to provide the encrypted biometric tem-
plates (z) of valid users;

computer-readable program code means for encrypting a
biometric sample (B) by determining y=g^B (mod p) so
as to provide the encrypted biometric sample (y); 

computer-readable program code means for storing the set 
of values 2" for each m and n where n is the set of
integer values from 0 to 2 and m is the set of integer 
values from 0 to f-1 as a set of initial closeness 
indicators (c); and 

wherein the computer-readable program code means for
determining a closeness between the received 
encrypted biometric sample and a candidate encrypted 
biometric template and the computer-readable program
code means for determining that the encrypted biomet-
ric sample corresponds to the candidate encrypted
biometric template if the closeness between the 
received encrypted biometric sample and a candidate 
encrypted biometric template is within a closeness 
threshold comprise computer-readable program code 
means for determining the closeness between the 
encrypted biometric sample (y) and the encrypted bio- 
metric template (z) utilizing the initial closeness indi- 
cators (c). 
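
As an added illustration of claims 1 and 8 (not code from the patent), the following Python example stores only z = g^T (mod p), precomputes the closeness indicators g^v (mod p), and accepts an encrypted sample y when y/z or its inverse is one of them, then applies the authentication threshold over distinct users. The parameters p = 65537, g = 3, f = 8, the user names and the template values are toy values constructed for the example.

```python
# Toy parameters (assumptions): an 8-bit template space can be enumerated by
# anyone who holds z, so real use needs far larger f and p.
P = 65537      # publicly known prime, larger than 2**F_BITS
G = 3          # non-secret integer between 2 and P-2 (generates the group mod 65537)
F_BITS = 8     # template length f in bits


def encrypt(value):
    """Return g^value (mod p); used for templates (z) and samples (y) alike."""
    if not 0 <= value < 2 ** F_BITS:
        raise ValueError("biometric value must fit in f bits")
    return pow(G, value, P)


def closeness_indicators(threshold):
    """Stored set {g^v mod p : 0 <= v <= threshold}."""
    return {pow(G, v, P) for v in range(threshold + 1)}


def corresponds(y, z, indicators):
    """True if y/z (mod p) or (y/z)^-1 (mod p) is a stored closeness indicator.

    y/z = g^(B-T), so membership means 0 <= B-T <= threshold; the inverse
    covers a sample whose value lies below the template.
    """
    ratio = y * pow(z, P - 2, P) % P       # modular division via Fermat inverse
    inverse = pow(ratio, P - 2, P)
    return ratio in indicators or inverse in indicators


def enroll(templates):
    """Keep only the encrypted templates z for each valid user."""
    return {user: encrypt(t) for user, t in templates.items()}


def valid_users(messages, enrolled, indicators):
    """Exhaustive comparison; returns the distinct users matched by the messages."""
    matched = set()
    for y in messages:
        for user, z in enrolled.items():
            if user not in matched and corresponds(y, z, indicators):
                matched.add(user)
                break
    return matched


def authenticate(messages, enrolled, indicators, auth_threshold):
    """Indicate authentication only if enough different users were validated."""
    return len(valid_users(messages, enrolled, indicators)) >= auth_threshold


if __name__ == "__main__":
    enrolled = enroll({"alice": 178, "bob": 77, "carol": 225})   # constructed values
    indicators = closeness_indicators(3)
    # Samples 2 above alice, 2 below bob, and 5 above carol (outside the threshold).
    messages = [encrypt(180), encrypt(75), encrypt(230)]
    print(sorted(valid_users(messages, enrolled, indicators)))
    print(authenticate(messages, enrolled, indicators, 2))
```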